Free The SecOps Group CCPenX-Az Practice Test & Real Exam Questions

  • Exam Code/Number: CCPenX-Az
  • Exam Name/Title: Certified Cloud Pentesting eXpert - Azure
  • Certification Provider: The SecOps Group
  • Corresponding Certification: Cloud Pentesting eXpert
  • Exam Questions: 33
  • Updated On: Jul 07, 2026
You have been given a breached Azure user credential for an authorized lab tenant:
[email protected]
After logging in, identify the Azure Tenant ID and Subscription ID associated with the account.
Correct Answer:
See the Answer in Explanation below.
Explanation:
Tenant ID: 8f34c1de-1198-4c2a-b1a8-1eaa72f6e99a
Subscription ID: 5d8e44ac-24a9-43d9-9cb5-71b227a58021
Detailed Solution:
Log in with the supplied account:
az login -u [email protected] -p ' < password > ' Show the active Azure context:
az account show --output json
Expected relevant output:
{
" id " : " 5d8e44ac-24a9-43d9-9cb5-71b227a58021 " ,
" name " : " CloudCorp Security Lab " ,
" tenantDefaultDomain " : " cloudcorpsec.onmicrosoft.com " ,
" tenantId " : " 8f34c1de-1198-4c2a-b1a8-1eaa72f6e99a "
}
The tenantId is the Microsoft Entra tenant ID. The id field is the subscription ID.
Authenticate to Azure as a service principal using the credentials found in backup-config.json.
Correct Answer:
See the Answer in Explanation below.
Explanation:
Use az login --service-principal
Detailed Solution:
Command:
az login --service-principal \
-u c5fba7db-5e61-45bc-8944-3cd457bb19c2 \
-p ' < client-secret > ' \
--tenant 8f34c1de-1198-4c2a-b1a8-1eaa72f6e99a
Verify:
az account show --output json
Expected important field:
{
" user " : {
" name " : " c5fba7db-5e61-45bc-8944-3cd457bb19c2 " ,
" type " : " servicePrincipal "
}
}
This confirms you are authenticated as the App Registration/service principal.
Using a discovered SAS token with read/list permissions, enumerate blobs inside the sensitive-exports container. Which file contains credentials?
Correct Answer:
See the Answer in Explanation below.
Explanation:
service-principal-creds.json
Detailed Solution:
Set variables:
ACCOUNT= " prodreportstore01 "
CONTAINER= " sensitive-exports "
SAS= " ?sv=2025-01-05 & ss=b & srt=sco & sp=rl & se=2026-08-01T00:00:00Z & sig= < signature > " List blobs:
az storage blob list \
--account-name " $ACCOUNT " \
--container-name " $CONTAINER " \
--sas-token " $SAS " \
--query " [].name " \
--output table
Expected output:
Name
----------------------------
monthly-report.csv
service-principal-creds.json
readme.txt
The credential file is:
service-principal-creds.json
================
Inside the public blob container, a file named backup-config.json contains service principal credentials. What field contains the App Registration client ID?
Correct Answer: B Vote an answer
Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).